CVEbaza.plSłownik CWECWE-421
Common Weakness Enumeration

CWE-421

Race Condition During Access to Alternate Channel

Kategoria: BaseCVE: 8
Opis

Produkt otwiera alternatywny kanał komunikacji z autoryzowanym użytkownikiem, ale kanał jest dostępny dla innych uczestników. Pozwala to nieuprawnionym osobom na uzyskanie dostępu do wrażliwych informacji lub funkcjonalności.

Description (EN)

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

Podatności CVE z CWE-421 (8)
7.5
CVSS
HIGH
CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.

pub. 2025-08-01
7.5
CVSS
HIGH
CVE-2023-34438

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2023-08-11
6.5
CVSS
MEDIUM
CVE-2023-43687

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.

pub. 2025-08-14
6.5
CVSS
MEDIUM
CVE-2023-22310

Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

pub. 2023-11-14
6.5
CVSS
MEDIUM
CVE-2023-22276

Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.

pub. 2023-08-11
4.6
CVSS
MEDIUM
CVE-2023-34349

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2023-08-11
4.3
CVSS
MEDIUM
CVE-2023-40536

Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

pub. 2024-05-16
1.8
CVSS
LOW
CVE-2023-41090

Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2024-02-14
Informacje
ID: CWE-421
Typ: Base
Podatności: 8
MITRE CWE ↗
← Słownik CWE